Yahoo Music Unlimited hacked already?

Nobody seems to be very forthcoming about how exactly this is done, but Robert Chapin reports that his company,
Chapin Information Services, has discovered an exploit in the Yahoo website that allows an individual to download
DRM-free tracks from the Yahoo Music Unlimited service without ever having paid for them. All that is known about the
technology behind the hack is that you don't "have to be a technical genius" to do it. Apparently, Chapin has been
trying without success to contact Yahoo and inform them about the exploit, and has received all of a two-sentence
email in response. The hack appears to be the result of some design flaw in the Yahoo website, but it looks like
we're just gonna have to wait out the knowledge on how to, um, continue these security tests for ourselves.
[Via GigaOm]

Reader Comments (Page 1 of 1)
mike @ Dec 19th 2005 1:21AM
what a lot of people don't seem to get is... Apple OWNS the HD market for music players. 90%+.
Okay?
So when they talk about how this subscription can stream songs and you can get that on your portable player... the experience of the VAST majority of customers is therefore...streaming to a flash player.
Get it?
So people are streaming to flash players.. so they're listening to.. you know.. around 50-100 songs.. I mean.. the whole 'all you can eat' thing is a crock.. only because we know that certain HD players (of which, 95% are made by Apple) don't work with this thing..
At the end of the day, people streaming to their flash players.. I mean.. Yahoo is doing this to get mindshare.. at the end of the day, Yahoo sells advertising. Wow. No wonder there's so many Yahoo Zealots out there..
;)
NBK @ Dec 19th 2005 1:21AM
tell me tell me,
I am always having a hard time with getting in contact with yahoo.
possibly 1ST post
matt @ Dec 19th 2005 1:21AM
how do you hack it? PLZ tell me! PLZ
Falsoman @ Dec 19th 2005 1:21AM
Hehe, well, if you can download DRM free windows media from yahoo... then you could import the files to iTunes, turn them into MP3 and fill your iPod.
Jon @ Dec 19th 2005 1:21AM
Holy crap... how did this link get posted??? Is someone friends with this guy? People, look at the website, we are obviously dealing with someone on the fringe playing in the real world....
dan @ Dec 19th 2005 1:21AM
"So people are streaming to flash players"
Yo Dude there is currently not a single flash DAP supported by Yahoo! subscription service.
eee @ Dec 19th 2005 1:21AM
#5 what do you mean?
Matt @ Dec 19th 2005 1:21AM
ya I want to know. if yahoo doesn't acknowledge something serious like that right away they deserve to be downloaded from so let me knowwwww
Lars @ Dec 19th 2005 1:21AM
"This price WON'T LAST."
Well, that's disappointing. What if the service doesn't do as good as expected? Then they have to raise the price, because "this price won't last." Then even less people sign up.
Jon @ Dec 19th 2005 1:21AM
#6, look at his site.
He claims to be the president of a web design company and yet his portfolio is sparse and includes his own MSFrontPage-looking site as his latest reference! His site has one other "news" item which includes an angry letter he wrote to the government. His "portfolio" has his old college website listed and which also has angry letters to the government and proclamations of "don't buy CDs!" in the banner. What are we considering valid news sources nowadays???
akbar @ Dec 19th 2005 1:21AM
Can someone tell me wtf is the point of reporting on something like this? What's so great about someone hacking iTunes or Yahoo to remove DRM and/or download without paying? Anybody who is using a computer has downloaded a song or two from limewire/kazaa/bittorrent etc. So why do people waste their time hacking these things?
eee @ Dec 19th 2005 1:21AM
#9 good point.
#10 bc with a site like that you can download 8000 songs in a week at superfast speeds, as everyone did with napster before they plugged it.
Eric J. @ Dec 19th 2005 1:21AM
I've been predicting something like this - I think the best business model for these all-you-can-eat services is for a hack like this to come through every 3-4 months, be open for two weeks and then get slammed shut. They'll get tons of sign-ups during those windows, and still be able to sell individual downloads the rest of the time.
JimK @ Dec 19th 2005 1:21AM
I bet it's real, and it's something so obvious that Yahoo will be on it in a flash if it gets released to the wild.
Watch it be that the music is stored on a server with anonymous FTP access or something stupid.
Raffi @ Dec 19th 2005 1:21AM
lol Mike, what a joke. There are people out there without an ipod you know. I have a iRiver and frankly, I will never give apple my money for an ipod. So your stereotype that Yahoo shouldn't waste time selling "all you can download" type services is stupid because clearly I am one of those many people that prefer other companies over Apple.
And besides, a lot of flash players out there are 512mb to 2gigs now. That's plenty of space. Troll.
mike @ Dec 19th 2005 1:21AM
akbar.. not to nitpick..
you cannot get iTunes songs w/o paying.. the 'hacks' take away restrictions after you've paid..
that's why guys like Napster and Yahoo are worried about hacks more than Apple..
Furthermore.. p2p does not really mean anything to most people who are not computer geniuses. That's Apple's market..
Oh yeah.. and. er.. Yahoo's too..they're in there somewhere ..
David:moua @ Dec 19th 2005 1:21AM
I subscribed to the 7 days trial Y! unlimited music 2 weeks ago.
I downloaded a few tracks/albums.
I canceled the subscription, since a week I can't download anymore for free, and I can't listen music stream anymore.
However, downloaded track still works, with the yahoo software and even with winamp.
Is it normal? How long can play these tracks?
[David:moua]
Raffi @ Dec 19th 2005 1:21AM
As far as I know, it runs like Napster. If you cancel the unlimited plan, you can't listen to your music anymore.. (or something like that) I'm no pro on the topic. Try checking Yahoo's site for info.
SlothArson @ Dec 19th 2005 1:21AM
Ok ok. So a web media giant like Yahoo screws up a big new service, and it hits mainstream news. I say, big whoop. Anyone out there that is download crazy enough to start testing out every little bug in this (poorly designed) service, should consider two things:
1. That Yahoo will undoubtedly fix this problem soon. If they started this service as a legal paying service, then they have service agreements with the companies that provide them music. When this music is being stolen, you can bet that the companies providing it are going to be raising a fuss to Yahoo about it, so even if you folks have a hard time communicating with Yahoo, they don't, and with a problem like this, (one that probably involves a breach of some contract somewhere) I'm sure that soon enough you will all be needing to find alternatives to this method.
2. It would be way easier to just pay the lousy 99 cents a song for iTunes or $10 a month for an unlimited napster account. And for those of you who are bent on free, there are always programs like AudioHijack that will easily capture and convert any streaming audio from any source...
mike @ Dec 19th 2005 1:21AM
Mike, what a joke. There are people out there without an ipod you know. I have a iRiver and frankly
---
I notice you didn't bother correcting me. The 'rest of the HD market' is about 5%.. that's plenty? Okay..
Furthermore, Apple is starting to swallow the flash market too.. they have about 60% of that...
Lastly.. no one said 2 gigs wasn't a lot of music.. I have a 4 gig player and it's perfect for me.. BUT.. the 'all you can eat' tagline which was started by Napster is a crock because most Napster compatible players out there (and of course this applies to Yahoo) are FLASH PLAYERS.
Get it?! The 'unlimited' thing is .. in fact.. quite limited. A 512MB player holding about 150 songs.. yes.. all you can eat indeed...
You try to 'burn' me by stating your OPINION? Ouch. You're entitled to your opinion. Meanwhile, I have facts and insightful reasons for my comments.
Raffi @ Dec 19th 2005 1:21AM
"Get it?! The 'unlimited' thing is .. in fact.. quite limited. A 512MB player holding about 150 songs.. yes.. all you can eat indeed..."
No you don't seem to get the point. Sure it's a marketing ploy, but you can't tell me that Apple doesn't use marketing ploys all the time. You think they are an angel company? Give me a break.
It's not like you can only download as many songs as you can fit onto your player. Many people go home and switch the songs on their player with new ones from their computer every few days. You can download all you want from the service, but so what if you can't fit them all at once into your player? Rotate, it's what almost every flash player owner that has a large playlist does.
It's not something I have to deal with, because I have 20 gigs to use up, but I have tons of friends with players (none of which that are Apple made, by the way. That 5% is a lot considering how many are sold in total.)
Christopher @ Dec 19th 2005 1:21AM
Apple's HD market share is 92%.. which gives about 8% for the rest of the HD player.
and soon HD based cellphones will come.. like Nokia N91's 4GB music player and samsung has one coming too
doraemon @ Dec 19th 2005 1:21AM
booooorrrring this apple fun boys minority...
They have money to buy a G5 and money to buy every single track, but they are just envy of people that can get all music for 5$/month.
Soon you will have your ipodcaster with itunes whatever. Happy now?
TxdoHawk @ Dec 19th 2005 1:21AM
I will laugh if this is the old "zomg you can output the audio to a recordable source that accepts line-in and record it that way!". I recall one giant music service (I think it was Apple's iTunes, actually) telling the record companies that this was an exploit in another's service, when in fact you can do this with *any* service.
Also, you silly kiddies looking for free music, go learn how to use the newsgroups, or a safe p2p app, or Bittorrent, or one of 50 billion other ways to steal music. Have you all gotten so lazy that you can't do a little hunting for your tunes?
Greg @ Dec 19th 2005 1:21AM
@#18: the songs you download from yahoo will automatically expire after about a month. As long as you are subscribing your songs will get a new DRM patch every now and then. When you cancel, the files on your PC will expire within no more than a month.
Take any file, look at its Properties; somewhere deep down it will show you the expiration date. (It will also tell you whether it's burnable, etc..)
matt @ Dec 19th 2005 1:21AM
so i don't understand how is it done!
pat @ Dec 19th 2005 1:21AM
Ok i don't want to be a troll but can someone point me in the direction of where the 60% on flash players being ipod shuffles is?
Just that i'm in Australia and out of the people i know who own flash players i can only think of one that owns a shuffle.
mr smartass @ Dec 19th 2005 1:21AM
assessing your whole paranoid theories ok yes it's probably a marketing ploy ~ yes it's probably a corporate fishing ploy for future exploits to their security and yes people can use the 50 billion other ways to pirate music
but it would be nice if things would come tagged properly song title - artist.filetype ok i know there are programs like godfather or musicmatch jukebox to do batch operation tagging and file renaming but i dont want to have to do that
on top of that it would also be nice to get lossless media or a close approximation with a half standardized bitrate i know im probably asking 2 much but cmon is it that hard to create some sort of audio grabbing and storing software i mean i have seen video players that can rip any video stream off the internet it wants why cant we do this with stupid drm if someone could explain this to me without flaming me because they had someone piss in their coco puffs this morning that would be great 2
sorry one last thing if someone could possibly accept the fact that vmware is a good solution to preserving your old drm until someone finds an exploit that would be great if you need to understand what im talking about here search many of the hacked sites out there i-hacked.com hackaday.com any site like that would do sure it sounds like a big and complicated idea but pls stop posting stupid already solved problems
mike @ Dec 19th 2005 1:21AM
They have money to buy a G5 (a G5 iMac costs about 1300) and money to buy every single track(Yeah right.. the best p2p software for the Mac is called AcquisitionX), but they are just envy of people that can get all music for 5$/month. (Not even close. I was pointing out the hilarious deception perpetrated by the whole premise... Unlimited is useless if you're using a 256 MB player.. which most WMA guys are..)
BTW, I have an MP3 player.. you don't have to explain the notion of 'syncing' to me.. cheers.
Rob @ Dec 19th 2005 1:21AM
Still don't get why more people don't understand just how bad these subscription services are... WMA files that you'll get when you purchase music downloads are subject to the big baddie: DRM.
DRM straightjackets you by placing tight limits on how many times you can make a copy of a song (between different computers, mobile devices, or MP3 players) or burn music you've purchased to CD. You don't buy music with those services - you rent it.
With that in mind, I continually urge people to buy music on CDs then rip 'em to MP3 format to use on PCs, mobile gadgets, or nearly anything. This way, you're protecting your music investment while "doing the right thing."
KR @ Dec 19th 2005 1:21AM
Geez, who gives a crap! I like music as much as the next guy, but come on what are you going to do with all of the stolen music once you get it? Granted I use itunes music store exclusively, but every now and then they don't have the tune I'm looking for, so I then resort to limewire as my only option. Why don't these fly by night music stores open up to the mac, then I would be completely legit! I guess my money's no good, huh? I've probably got more disposable income than most windows losers. How very short sighted!
Randy @ Dec 19th 2005 1:21AM
The companies offering "Unlimited" music aren't using any ploy or bending the definition of unlimited.
It's the consumers who think they can only play the music on a DAP that are unfortunately misled.
RichardBronosky @ Dec 19th 2005 1:21AM
#10,
Yeah, I never acknowledge developers of sites with (deprecated) FONT tags as professional. This guy just wants publicity, and he got it. Very sad.
Russell @ Dec 19th 2005 1:21AM
Pat (#28), all the market share percentages that people are using (60% of flash player market, 92% of HD players) are the market shares inside the US only. Outside the US, the numbers are very different.
Thom @ Dec 19th 2005 1:21AM
#21, #29... Mike, get a clue.
The service downloads ALL gigabytes of music you can consume onto your hard drive. How many, and which songs you choose to put onto a flash player is up to you... The size of your flash player has NO bearing on the amount of music you can subscribe to.
Gunderstorm @ Dec 19th 2005 1:21AM
I had a party over the weekend and set my laptop up on my deck and let people download what they wanted to hear using Y! Unlimited. Since it was my laptop and some lousy speakers I didn't care about (outside), it didn't sound the greatest, but everyone loved it. It isn't tough to stump the Y! catalog (no complete Pixies?), but my guests really enjoyed the idea that they could download anything they could find. It was a big hit.
The interface is a bit slow, but hopefully they'll have that fixed by the end of Beta.
If you're converting your means of listening to "digital only" and you're not an iPod owner, renting your music for $60 a year is pretty sweet. I've got an audio streamer to my home stereo, a Rio Carbon, and a 20GB hard drive in my car. Unlimited? Pretty darn close.
Timmah! @ Dec 19th 2005 1:21AM
#28
Australians (actually, pretty much the rest of the world) are a lot smarter than the average American. That's why they don't have iFad Shuffles. No such luck here, everyone's a retarded sheep caught up in trying to keep up with the Joneses.
scott @ Dec 19th 2005 1:21AM
mike, by all means, please, continue to use your spyware-prone IE since it has 90% of the market.
And, your facts are just wrong. The ONLY players that work with subscription services are HD players. I can put a good chunk of Unlimited on my 30GB Dell DJ. And if you don't like Dell, you have Creative, Samsung, iRiver, RCA. How many choices do you have with iTunes?
john Ragsdale @ Dec 19th 2005 1:21AM
This is lamer than gawker.com's ridiculous news. This is such a scam:
-The website that this "news" is located on is Copyrighted by Chapin Information services, the same company that claims to have found the security flaw, and the "portfolio" links to this dude's list of websites, which, can you imagine, contains none other than CIS (chapin information services)
-Clearly just publicity wh0ring
Osiris @ Dec 19th 2005 1:21AM
Okay, I'm finding this sad.
The original purpose of the 'news' was to inform the reader on what may or may not be happening with Yahoo!'s music service. It started on the right course in so far as comments were concerned. Several of you even went so far as to /really/ actively dig around concerning the actual validity of the source.
Good on you. I'd personally like to know for curiosity's sake.
However, very short order has shown the debate turning into 'Wind0z Suxx0rz!' or 'Apple iz S4t4n' or whatever else most of you are muttering about. Frankly, I find it disturbing that most of you can't find the time to hit the 'SHIFT' key every now and then.
Who cares what player you have? I personally have an iPod and a flash based Phillips player. Both have their purposes and get used frequently. I would personally prefer DRMless media since I use iTunes primarily and can't stand the fact that my /property/ (Since that's what it is when I /buy/ it for $0.99) has a half-life to it.
Then, of course, the conversation breaks down to 'My people are smarter than your people!'. Grow up. Get enlightened. Here, I'll help:
92% (As mentioned previously though the numbers I find only state roughly 82%) of the HD market is iPod in the US. According to www.timesonline.co.uk, approximately 22 MILLION iPods are owned in the US.
The population of Australia is only 20,090,437 as of this year. There are more iPods in the US than there are people in an /entire/ country. According to www.smh.com.au, estimates are rough but they suggest anywhere between 200,000 and 1 million iPods owned in Australia. At a middle number of an est. 500,000 iPods in Australia, that accounts to 2.5% of the country's population. It could be as high as 5% if closer to 1 million. Personally, I think that's damn impressive of Apple considering the fact that it (Up until recently) couldn't give a crap about giving a customized country-specific iTunes to Australia.
That 22 million Americans who own iPods? That's only 8% of the nation's total population.
Of course, I think we might be pleasantly surprised to see what the overall ratio of iPod to Others might be in both countries. The figures just might surprise us. Also, please consider that in Australia, Apple has essentially been treating their music fans as second rate buyers with no real devoted focus on selling music to them via iTunes. Destra, AU's ruling leader, is keeping an eye on Apple as it slowly turns its head to the once-convict colony.
In closing, the numbers speak for themselves. It seems, per person, that Americans and Australians cannot be proven to be more or less intelligent from the other when based solely upon the purchasing habits regarding their digital media players.
Oh yeah. Grow up.
Jared @ Dec 19th 2005 1:21AM
For those of you who have subscribed to Yahoo and Napster or other sites where you can stream everything, what is the bitrate quality of the streaming audio? is it lower than the bitrates you can download? if the stream quality is low who cares if you can 'record all you want'. i don't want to 'listen all i want' to poor quality music.
Duuude @ Dec 19th 2005 1:21AM
I just downloaded a song from YME @ 192 kbps. Anyone heard of a YME exploit??
bob @ Dec 19th 2005 1:21AM
OK! Does ANYBODY know how to do this exploit? Or has it been fixed by Yahoo? Everybody keeps talking about this, yet no one has any proof that they know how to do it!!! BTW, #42, I have the basic version of Yahoo! Unlimited, and the quality seems to be pretty good for streaming, if you haven't found out for yourself. PLEASE RESPOND! Thanks!